Closed
Bug 778328
Opened 12 years ago
Closed 12 years ago
deploystudio images should regenerate SSH key
Categories
(Infrastructure & Operations :: RelOps: General, task)
Infrastructure & Operations
RelOps: General
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: dustin, Assigned: dividehex)
Details
I've re-deploystudio'd a few minis now, and SSH isn't complaining that the SSH host key has changed.
We should probably have a post-deploy task that regenerates these, otherwise everything will have the same host key.
Comment 1•12 years ago
|
||
> We should probably have a post-deploy task that regenerates these, otherwise
> everything will have the same host key.
What's the risk there?
Reporter | ||
Comment 2•12 years ago
|
||
It's minor, but it means that a well-known SSH key will be accepted for a wide range of IPs, and since we generally do password auth, that runs the risk of entering the password for a non-recognized slave.
Comment 3•12 years ago
|
||
Honestly, I think the fact that they have the same key is a feature. This means that we don't have to remove the key from known_hosts and re-add it every time a machine is reimaged. I seriously doubt that anyone is going to catch a spoofed machine this way since people log in so infrequently after reimaging that they will automatically accept the new key.
This might also break any automated jobs that no longer trust the key of a reimaged machine.
Reporter | ||
Comment 4•12 years ago
|
||
Hm, OK..
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Updated•11 years ago
|
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in
before you can comment on or make changes to this bug.
Description
•